SLocker Android malware threat is back, and now it’s targeting business mobe

A RANSOMWARE THREAT called SLocker, which accounted for a fifth of Android malware attacks in 2015, is back with a vengeance, according to security firm Wandera.

SLocker encrypts images, documents and videos on Android devices and demands a ransom to decrypt the files. Once the malware is executed, it runs in the background of a user’s device without their knowledge or consent.

Once it has encrypted files on the phone, the malware hijacks the device, blocking the user’s access, and attempts to intimidate them into paying a ransom to unlock it.

The malware also topped the ransomware charts in Germany and Australia, and Bitdefender claimed that 44 per cent of Android users it asked had already paid out a ransom in order to regain access to their devices.

The malware continued to cause problems and, in mid-2016, its attacks were estimated to have resulted in tens of millions of dollars in ransoms paid. Weeks after the initial wave of attacks, security companies patched the issue for their enterprise customers, devices were updated and the threat disappeared.

That is until now. Mobile security firm Wandera said that its mobile intelligence engine MI:RIAM had detected more than 400 variants of the same malware. It said that these strains were targeting businesses’ mobile fleets through easily accessible third-party app stores and websites where security checks are not as rigorous as they ought to be.

According to Wandera, the variants have been redesigned and repackaged to avoid all known detection techniques.

“They utilise a wide variety of disguises including altered icons, package names, resources and executable files in order to evade signature-based detection,” the company said.

Third-party app stores and unknown vendors should be avoided by Android users, while corporate administrators should be wary of SLocker returning and put in place security measures to monitor devices accordingly.